URLhaus Database

You are currently viewing the URLhaus database entry for https://ormtravel.com/iat/, which is being or has been used to serve malware. Please note that URLhaus does not differentiate between websites that have been compromised by hackers and those that have been set up by cybercriminals for the sole purpose of serving malware.

Database Entry




ID: 2659426
URL: https://ormtravel.com/iat/
URL Status: Offline
Host: ormtravel.com
Date added: 2023-06-13 17:52:39 UTC
Last online: 2023-06-15 16:XX:XX UTC
Threat: Malware download
URLhaus blocklist: Not blocked
Spamhaus DBL: Not blocked
SURBL: Not blocked
Quad9: Not blocked
AdGuard: Not blocked
Cloudflare: Not blocked
dns0.eu: Not blocked
ProtonDNS: Not blocked
OpenBLD: Not blocked
DNS4EU: Blocked
Reporter: Cryptolaemus1
Abuse complaint sent: Yes (2023-06-13 17:54:48 UTC to abuse{at}gmo[dot]jp)
Takedown time: 1 day, 22 hours, 32 minutes Poor (down since 2023-06-15 16:27:23 UTC)
Tags: BB32 geofenced js Qakbot link Quakbot link USA

Payload delivery


The table below documents all payloads that URLhaus retrieved from this particular URL.
